Auth Api Key

auth_api_key
REPOSITORY
REPOSITORYOCA/server-auth
GIT
GIThttps://github.com/OCA/server-auth.git
GIT FOLDER
GIT FOLDERhttps://github.com/OCA/server-auth/tree/19.0/auth_api_key
VERSION
VERSION 1.0.2
CATEGORY
CATEGORYUncategorized
LICENSE
LICENSELGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLENo
AUTHORS
AUTHORSOdoo Community Association (OCA), ACSONE SA/NV
MAINTAINERS
MAINTAINERSOdoo Community Association (OCA), ACSONE SA/NV
COMMITTERS
COMMITTERSWeblate, OCA-git-bot, Iván Todorovich, oca-ci, arantxa-s73
WEBSITE
WEBSITEhttps://github.com/OCA/server-auth
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 19:40:47
ODOO DEPENDENCIES
ODOO DEPENDENCIES odoo/odoo:
    - base_setup
    - base
    - web
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES Not have
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES Not have
DESCRIPTION
DESCRIPTION
Authenticate http requests from an API key.

API keys are codes passed in (in the http header API-KEY) by programs
calling an API in order to identify -in this case- the calling program's
user.

Take care while using this kind of mechanism since information into http
headers are visible in clear. Thus, use it only to authenticate requests
from known sources.

For unknown sources, it is a good practice to filter out this header at
proxy level.

Odoo allows users to authenticate `XMLRPC/JSONRPC` calls using their API key instead of a password by native API keys (`res.users.apikey`). However, `auth_api_key` has some special features of its own such as:
- API keys remain usable even when the user is inactive, if enabled via settings (e.g., for system users in a shopinvader case).
- Supports dual authentication via Basic Auth and API_KEY in separate HTTP headers.
- Admins can manage API keys for all users

Given these advantages, particularly in use case like system user authentication, we have decided to keep the `auth_api_key` module

Code Analysis

Views touched (3)
XML IDNameModelTypeStatus
auth_api_key_form_view auth.api.key.form (in auth_api_key) auth.api.key form New
auth_api_key_tree_view auth.api.key.list (in auth_api_key) auth.api.key list New
res_config_settings_view_form res.config.settings.form.inherit res.config.settings xpath Inherits base_setup.res_config_settings_view_form
Models touched (4)

New fields (4)
  • active Boolean
    compute='_compute_active' default=True readonly=False store=True
  • key Char
    help='The API key. Enter a dummy value in this field if it is\n obtained from the server environment configuration.' required=True
  • name Char
    required=True
  • user_id Many2one → res.users
    comodel_name='res.users' help='The user used to process the requests authenticated by\n the api key' required=True string='User'
Public methods (2)
  • create(self, vals_list)
    @api.model_create_multi
  • write(self, vals)

New fields (0)

No new fields.

Public methods (0)

No public methods.

New fields (1)
  • archived_user_disable_auth_api_key Boolean
    help='If checked, when a user is archived/unactivated the same change is propagated to his related api key. It is not retroactive (nothing is done when enabling/disabling this option).' string='Disable API key for archived user'
Public methods (0)

No public methods.

New fields (1)
  • archived_user_disable_auth_api_key Boolean
    readonly=False related='company_id.archived_user_disable_auth_api_key'
Public methods (0)

No public methods.

REPOSITORY
REPOSITORYOCA/server-auth
GIT
GIThttps://github.com/OCA/server-auth.git
GIT FOLDER
GIT FOLDERhttps://github.com/OCA/server-auth/tree/18.0/auth_api_key
VERSION
VERSION 1.0.2
CATEGORY
CATEGORYUncategorized
LICENSE
LICENSELGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLENo
AUTHORS
AUTHORSOdoo Community Association (OCA), ACSONE SA/NV
MAINTAINERS
MAINTAINERSOdoo Community Association (OCA), ACSONE SA/NV
COMMITTERS
COMMITTERSWeblate, OCA-git-bot, oca-ci, michelerusti, oca-git-bot, thien, anusrinps96
WEBSITE
WEBSITEhttps://github.com/OCA/server-auth
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 19:30:10
ODOO DEPENDENCIES
ODOO DEPENDENCIES odoo/odoo:
    - base_setup
    - base
    - web
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES Not have
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES Not have
DESCRIPTION
DESCRIPTION
Authenticate http requests from an API key.

API keys are codes passed in (in the http header API-KEY) by programs
calling an API in order to identify -in this case- the calling program's
user.

Take care while using this kind of mechanism since information into http
headers are visible in clear. Thus, use it only to authenticate requests
from known sources.

For unknown sources, it is a good practice to filter out this header at
proxy level.

Odoo allows users to authenticate `XMLRPC/JSONRPC` calls using their API key instead of a password by native API keys (`res.users.apikey`). However, `auth_api_key` has some special features of its own such as:
- API keys remain usable even when the user is inactive, if enabled via settings (e.g., for system users in a shopinvader case).
- Supports dual authentication via Basic Auth and API_KEY in separate HTTP headers.
- Admins can manage API keys for all users

Given these advantages, particularly in use case like system user authentication, we have decided to keep the `auth_api_key` module

Code Analysis

Views touched (3)
XML IDNameModelTypeStatus
auth_api_key_form_view auth.api.key.form (in auth_api_key) auth.api.key form New
auth_api_key_tree_view auth.api.key.list (in auth_api_key) auth.api.key list New
res_config_settings_view_form res.config.settings.form.inherit res.config.settings xpath Inherits base_setup.res_config_settings_view_form
Models touched (4)

New fields (4)
  • active Boolean
    compute='_compute_active' default=True readonly=False store=True
  • key Char
    help='The API key. Enter a dummy value in this field if it is\n obtained from the server environment configuration.' required=True
  • name Char
    required=True
  • user_id Many2one → res.users
    comodel_name='res.users' help='The user used to process the requests authenticated by\n the api key' required=True string='User'
Public methods (2)
  • create(self, vals_list)
    @api.model_create_multi
  • write(self, vals)

New fields (0)

No new fields.

Public methods (0)

No public methods.

New fields (1)
  • archived_user_disable_auth_api_key Boolean
    help='If checked, when a user is archived/unactivated the same change is propagated to his related api key. It is not retroactive (nothing is done when enabling/disabling this option).' string='Disable API key for archived user'
Public methods (0)

No public methods.

New fields (1)
  • archived_user_disable_auth_api_key Boolean
    readonly=False related='company_id.archived_user_disable_auth_api_key'
Public methods (0)

No public methods.

REPOSITORY
REPOSITORYOCA/server-auth
GIT
GIThttps://github.com/OCA/server-auth.git
GIT FOLDER
GIT FOLDERhttps://github.com/OCA/server-auth/tree/17.0/auth_api_key
VERSION
VERSION 1.1.2
CATEGORY
CATEGORYUncategorized
LICENSE
LICENSELGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLENo
AUTHORS
AUTHORSOdoo Community Association (OCA), ACSONE SA/NV
MAINTAINERS
MAINTAINERSOdoo Community Association (OCA), ACSONE SA/NV
COMMITTERS
COMMITTERSWeblate, OCA-git-bot, oca-ci, thien, Chris Bergman, anusrinps96
WEBSITE
WEBSITEhttps://github.com/OCA/server-auth
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 19:20:04
ODOO DEPENDENCIES
ODOO DEPENDENCIES odoo/odoo:
    - base_setup
    - base
    - web
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES Not have
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES Not have
DESCRIPTION
DESCRIPTION
Authenticate http requests from an API key.

API keys are codes passed in (in the http header API-KEY) by programs
calling an API in order to identify -in this case- the calling program's
user.

Take care while using this kind of mechanism since information into http
headers are visible in clear. Thus, use it only to authenticate requests
from known sources.

For unknown sources, it is a good practice to filter out this header at
proxy level.

Odoo allows users to authenticate `XMLRPC/JSONRPC` calls using their API key instead of a password by native API keys (`res.users.apikey`). However, `auth_api_key` has some special features of its own such as:
- API keys remain usable even when the user is inactive, if enabled via settings (e.g., for system users in a shopinvader case).
- Supports dual authentication via Basic Auth and API_KEY in separate HTTP headers.
- Admins can manage API keys for all users

Given these advantages, particularly in use case like system user authentication, we have decided to keep the `auth_api_key` module

Code Analysis

Views touched (3)
XML IDNameModelTypeStatus
auth_api_key_form_view auth.api.key.form (in auth_api_key) auth.api.key form New
auth_api_key_tree_view auth.api.key.tree (in auth_api_key) auth.api.key tree New
res_config_settings_view_form res.config.settings.form.inherit res.config.settings xpath Inherits base_setup.res_config_settings_view_form
Models touched (4)

New fields (4)
  • active Boolean
    compute='_compute_active' default=True readonly=False store=True
  • key Char
    help='The API key. Enter a dummy value in this field if it is\n obtained from the server environment configuration.' required=True
  • name Char
    required=True
  • user_id Many2one → res.users
    comodel_name='res.users' help='The user used to process the requests authenticated by\n the api key' required=True string='User'
Public methods (2)
  • create(self, vals_list)
    @api.model_create_multi
  • write(self, vals)

New fields (0)

No new fields.

Public methods (0)

No public methods.

New fields (1)
  • archived_user_disable_auth_api_key Boolean
    help='If checked, when a user is archived/unactivated the same change is propagated to his related api key. It is not retroactive (nothing is done when enabling/disabling this option).' string='Disable API key for archived user'
Public methods (0)

No public methods.

New fields (1)
  • archived_user_disable_auth_api_key Boolean
    readonly=False related='company_id.archived_user_disable_auth_api_key'
Public methods (0)

No public methods.

REPOSITORY
REPOSITORYOCA/server-auth
GIT
GIThttps://github.com/OCA/server-auth.git
GIT FOLDER
GIT FOLDERhttps://github.com/OCA/server-auth/tree/16.0/auth_api_key
VERSION
VERSION 1.0.1
CATEGORY
CATEGORYUncategorized
LICENSE
LICENSELGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLENo
AUTHORS
AUTHORSOdoo Community Association (OCA), ACSONE SA/NV
MAINTAINERS
MAINTAINERSOdoo Community Association (OCA), ACSONE SA/NV
COMMITTERS
COMMITTERSWeblate, OCA-git-bot, oca-ci, anusrinps96, Benoit Bertholon
WEBSITE
WEBSITEhttps://github.com/OCA/server-auth
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 00:53:43
ODOO DEPENDENCIES
ODOO DEPENDENCIES
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES Not have
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES Not have
DESCRIPTION
DESCRIPTION

Code Analysis

Views touched (2)
XML IDNameModelTypeStatus
auth_api_key_form_view auth.api.key.form (in auth_api_key) auth.api.key form New
auth_api_key_tree_view auth.api.key.tree (in auth_api_key) auth.api.key tree New
Models touched (2)

New fields (3)
  • key Char
    help='The API key. Enter a dummy value in this field if it is\n obtained from the server environment configuration.' required=True
  • name Char
    required=True
  • user_id Many2one → res.users
    comodel_name='res.users' help='The user used to process the requests authenticated by\n the api key' required=True string='User'
Public methods (2)
  • create(self, vals_list)
    @api.model_create_multi
  • write(self, vals)

New fields (0)

No new fields.

Public methods (0)

No public methods.

REPOSITORY
REPOSITORYOCA/server-auth
GIT
GIThttps://github.com/OCA/server-auth.git
GIT FOLDER
GIT FOLDERhttps://github.com/OCA/server-auth/tree/15.0/auth_api_key
VERSION
VERSION 1.1.1
CATEGORY
CATEGORYUncategorized
LICENSE
LICENSELGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLENo
AUTHORS
AUTHORSOdoo Community Association (OCA), ACSONE SA/NV
MAINTAINERS
MAINTAINERSOdoo Community Association (OCA), ACSONE SA/NV
COMMITTERS
COMMITTERSOCA Transbot, Thierry Ducrest, Weblate, OCA-git-bot, oca-ci, Maksym Yankin
WEBSITE
WEBSITEhttps://github.com/OCA/server-auth
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 00:46:32
ODOO DEPENDENCIES
ODOO DEPENDENCIES
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES Not have
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES Not have
DESCRIPTION
DESCRIPTION

Code Analysis

Views touched (2)
XML IDNameModelTypeStatus
auth_api_key_form_view auth.api.key.form (in auth_api_key) auth.api.key form New
auth_api_key_tree_view auth.api.key.tree (in auth_api_key) auth.api.key tree New
Models touched (2)

New fields (3)
  • key Char
    help='The API key. Enter a dummy value in this field if it is\n obtained from the server environment configuration.' required=True
  • name Char
    required=True
  • user_id Many2one → res.users
    comodel_name='res.users' help='The user used to process the requests authenticated by\n the api key' required=True string='User'
Public methods (2)
  • create(self, vals)
    @api.model
  • write(self, vals)

New fields (0)

No new fields.

Public methods (0)

No public methods.

REPOSITORY
REPOSITORYOCA/server-auth
GIT
GIThttps://github.com/OCA/server-auth.git
GIT FOLDER
GIT FOLDERhttps://github.com/OCA/server-auth/tree/14.0/auth_api_key
VERSION
VERSION 3.0.1
CATEGORY
CATEGORYUncategorized
LICENSE
LICENSELGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLENo
AUTHORS
AUTHORSOdoo Community Association (OCA), ACSONE SA/NV
MAINTAINERS
MAINTAINERSOdoo Community Association (OCA), ACSONE SA/NV
COMMITTERS
COMMITTERSGitHub, Denis Roussel, OCA Transbot, Thierry Ducrest, oca-travis, Weblate, OCA-git-bot, Simone Orsi, Chafique, Quentin Groulard, oca-ci
WEBSITE
WEBSITEhttps://github.com/OCA/server-auth
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 00:40:55
ODOO DEPENDENCIES
ODOO DEPENDENCIES odoo/odoo:
    - base_setup
    - base
    - web
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES Not have
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES Not have
DESCRIPTION
DESCRIPTION

Code Analysis

Views touched (3)
XML IDNameModelTypeStatus
auth_api_key_form_view auth.api.key.form (in auth_api_key) auth.api.key form New
auth_api_key_tree_view auth.api.key.tree (in auth_api_key) auth.api.key tree New
res_config_settings_view_form res.config.settings.form.inherit res.config.settings xpath Inherits base_setup.res_config_settings_view_form
Models touched (4)

New fields (4)
  • active Boolean
    compute='_compute_active' default=True readonly=False store=True
  • key Char
    help='The API key. Enter a dummy value in this field if it is\n obtained from the server environment configuration.' required=True
  • name Char
    required=True
  • user_id Many2one → res.users
    comodel_name='res.users' help='The user used to process the requests authenticated by\n the api key' required=True string='User'
Public methods (2)
  • create(self, vals)
    @api.model
  • write(self, vals)

New fields (0)

No new fields.

Public methods (0)

No public methods.

New fields (1)
  • archived_user_disable_auth_api_key Boolean
    help='If checked, when a user is archived/unactivated the same change is propagated to his related api key. It is not retroactive (nothing is done when enabling/disabling this option).' string='Disable API key for archived user'
Public methods (0)

No public methods.

New fields (1)
  • archived_user_disable_auth_api_key Boolean
    readonly=False related='company_id.archived_user_disable_auth_api_key'
Public methods (0)

No public methods.

REPOSITORY
REPOSITORYOCA/server-auth
GIT
GIThttps://github.com/OCA/server-auth.git
GIT FOLDER
GIT FOLDERhttps://github.com/OCA/server-auth/tree/13.0/auth_api_key
VERSION
VERSION 1.1.1
CATEGORY
CATEGORYUncategorized
LICENSE
LICENSELGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLENo
AUTHORS
AUTHORSOdoo Community Association (OCA), ACSONE SA/NV
MAINTAINERS
MAINTAINERSOdoo Community Association (OCA), ACSONE SA/NV
COMMITTERS
COMMITTERSStéphane Bidoul, Thierry Ducrest, oca-travis, OCA-git-bot, oca-ci, laurent.corron
WEBSITE
WEBSITEhttps://github.com/OCA/server-auth
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 00:34:11
ODOO DEPENDENCIES
ODOO DEPENDENCIES OCA/server-env:
    - server_environment
odoo/odoo:
    - base
    - base_sparse_field
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES Not have
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES Not have
DESCRIPTION
DESCRIPTION

Code Analysis

Views touched (2)
XML IDNameModelTypeStatus
auth_api_key_form_view auth.api.key.form (in auth_api_key) auth.api.key form New
auth_api_key_tree_view auth.api.key.tree (in auth_api_key) auth.api.key tree New
Models touched (2)

New fields (3)
  • key Char
    help='The API key. Enter a dummy value in this field if it is\n obtained from the server environment configuration.' required=True
  • name Char
    required=True
  • user_id Many2one → res.users
    comodel_name='res.users' help='The user used to process the requests authenticated by\n the api key' required=True string='User'
Public methods (2)
  • create(self, vals)
    @api.model
  • write(self, vals)

New fields (0)

No new fields.

Public methods (0)

No public methods.

REPOSITORY
REPOSITORYOCA/server-auth
GIT
GIThttps://github.com/OCA/server-auth.git
GIT FOLDER
GIT FOLDERhttps://github.com/OCA/server-auth/tree/12.0/auth_api_key
VERSION
VERSION 3.0.1
CATEGORY
CATEGORYUncategorized
LICENSE
LICENSELGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLENo
AUTHORS
AUTHORSOdoo Community Association (OCA), ACSONE SA/NV
MAINTAINERS
MAINTAINERSOdoo Community Association (OCA), ACSONE SA/NV
COMMITTERS
COMMITTERSStéphane Bidoul, Laurent Mignon (ACSONE), Daniel Reis, Stéphane Bidoul (ACSONE), OCA Transbot, Sébastien BEAU, oca-travis, OCA-git-bot, Mourad, Daniel Palomar
WEBSITE
WEBSITEhttps://github.com/OCA/server-auth
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 00:29:15
ODOO DEPENDENCIES
ODOO DEPENDENCIES odoo/odoo:
    - base
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES Not have
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES Not have
DESCRIPTION
DESCRIPTION

Code Analysis

Views touched (2)
XML IDNameModelTypeStatus
auth_api_key_form_view auth.api.key.form (in auth_api_key) auth.api.key form New
auth_api_key_tree_view auth.api.key.tree (in auth_api_key) auth.api.key tree New
Models touched (2)

New fields (3)
  • key Char
    default=<expr> help='The API key. Keep the default value in this field if it is\n obtained from the server environment configuration.' required=True
  • name Char
    required=True
  • user_id Many2one → res.users
    comodel_name='res.users' help='The user used to process the requests authenticated by\n the api key' required=True string='User'
Public methods (2)
  • create(self, vals)
    @api.model
  • write(self, vals)

New fields (0)

No new fields.

Public methods (0)

No public methods.

REPOSITORY
REPOSITORYOCA/server-auth
GIT
GIThttps://github.com/OCA/server-auth.git
GIT FOLDER
GIT FOLDERhttps://github.com/OCA/server-auth/tree/10.0/auth_api_key
VERSION
VERSION 1.0.1
CATEGORY
CATEGORYUncategorized
LICENSE
LICENSELGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLENo
AUTHORS
AUTHORSOdoo Community Association (OCA), ACSONE SA/NV
MAINTAINERS
MAINTAINERSOdoo Community Association (OCA), ACSONE SA/NV
COMMITTERS
COMMITTERSHolger Brunn, GitHub, Laurent Mignon (ACSONE), Stéphane Bidoul (ACSONE), oca-travis, OCA-git-bot, Quentin Groulard
WEBSITE
WEBSITEhttps://acsone.eu/
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 00:19:55
ODOO DEPENDENCIES
ODOO DEPENDENCIES OCA/server-tools:
    - server_environment
odoo/odoo:
    - base
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES Not have
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES Not have
DESCRIPTION
DESCRIPTION

Code Analysis

Views touched (0)

No views found for this module.

Models touched (2)

New fields (0)

No new fields.

Public methods (0)

No public methods.

New fields (0)

No new fields.

Public methods (0)

No public methods.